Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-vp56-r7qv-783v: ahh vulnerable to Path Traversal

Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.

ghsa
#git

ahh vulnerable to Path Traversal

Moderate severity GitHub Reviewed Published Dec 28, 2022 • Updated Dec 30, 2022

Related news

CVE-2020-36559: #266 addressing path traversal issue on static file delivery by jeevatkm · Pull Request #267 · go-aah/aah

Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.